Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
7048
Views
0
Helpful
3
Replies

Easy VPN on ASA

Go to solution
Ahmed Yassin
Level 1
Level 1

ā€Ž12-03-2009 01:55 AM - edited ā€Ž03-11-2019 09:45 AM

Dear all,

I configured easy VPN on my ASA, but, when i type the following command, it gives  me this error as shown:

SA-Gate(config)# crypto ipsec transform-set myset esp-3des esp-md5-hmac
The 3DES/AES algorithms require a VPN-3DES-AES activation key.
ASA-Gate(config)# crypto dynamic-map dmap 100 set transform-set myset
ERROR: transform set with tag "myset" does not exist.

So, this issue concerning Licensed features on ASA and if so, what is all required to complete the easy VPN configuration.

N.B.: sh version of ASA is attached.

Labels:
36425-sh version.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pedro Ivo Santos Mauri
Cisco Employee
Cisco Employee

ā€Ž12-07-2009 10:21 AM

Hi Ahmed,

Hope you are doing fine!

Actually your activation key (license) only allows you use DES encryption level (not 3DES or AES).

So when configuring the transform set. You have to set ecryption as DES:

"crypto ipsec transform-set myset esp-des esp-md5-hmac"


Otherwise, you ned a license upgrade to enable 3DES/AES. Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html

Hope this helps you.

Cheers,

Pedro

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Pedro Ivo Santos Mauri
Cisco Employee
Cisco Employee

ā€Ž12-07-2009 10:21 AM

Hi Ahmed,

Hope you are doing fine!

Actually your activation key (license) only allows you use DES encryption level (not 3DES or AES).

So when configuring the transform set. You have to set ecryption as DES:

"crypto ipsec transform-set myset esp-des esp-md5-hmac"


Otherwise, you ned a license upgrade to enable 3DES/AES. Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html

Hope this helps you.

Cheers,

Pedro

0 Helpful

Go to solution
Ahmed Yassin
Level 1
Level 1
In response to Pedro Ivo Santos Mauri

ā€Ž12-08-2009 02:34 AM

Thx a lot for your suggestion, and it is

worked well with me.

But, if you please, what is the exact difference bet. 3DES & DES.

0 Helpful

Go to solution
Pedro Ivo Santos Mauri
Cisco Employee
Cisco Employee
In response to Ahmed Yassin

ā€Ž12-08-2009 03:46 AM

Hi Ahmed,

The difference between them is the level of strength of the encryption algorythm. 3DES uses 3 encryption keys (created by the algorythm) while DES uses only one. In practical terms, 3DES has a 3 times longer key to encrypt data than DES, what makes 3DES a stronger method.

Cheers,

Pedro

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card